AlmaLinux has recently released important security updates for several critical software components, including nginx, the Linux kernel, Git, and Sudo. These updates aim to address various vulnerabilities that could impact system security and performance.
1. nginx: 1.24 Security Update (Moderate)
- Release Date: July 24, 2025
- Severity: Moderate
- Issue: A specially crafted MP4 file may cause a denial of service (CVE-2024-7347).
- More Info: [nginx Security Details](https://errata.almalinux.org/9/ALSA-2025-3262.html)
2. Kernel Security Update (Important)
- Release Date: July 24, 2025
- Severity: Important
- Issue: Exfat: fix random stack corruption after get_block (CVE-2025-22036).
- More Info: [Kernel Security Details](https://errata.almalinux.org/10/ALSA-2025-10854.html)
3. Git Security Update (Important)
- Release Date: July 24, 2025
- Severity: Important
- Issues:
- Git does not sanitize URLs when asking for credentials (CVE-2024-50349).
- Newline confusion in credential helpers can lead to credential exfiltration (CVE-2024-52006).
- Potential arbitrary code execution and file write issues (CVE-2025-48384, CVE-2025-48385).
- Flaws in Gitk that could lead to file creation and script execution vulnerabilities (CVE-2025-27613, CVE-2025-27614).
- More Info: [Git Security Details](https://errata.almalinux.org/10/ALSA-2025-11533.html)
4. Sudo Security Update (Important)
- Release Date: July 24, 2025
- Severity: Important
- Issues: Local privilege escalation (LPE) vulnerabilities via host and chroot options (CVE-2025-32462, CVE-2025-32463).
- More Info: [Sudo Security Details](https://errata.almalinux.org/10/ALSA-2025-11537.html)
For developers and system administrators using AlmaLinux, it's crucial to stay informed about such updates to ensure the safety and reliability of their systems. The AlmaLinux community continues to provide support, making it easier for users to manage their systems effectively
Summary of Updates:
1. nginx: 1.24 Security Update (Moderate)
- Release Date: July 24, 2025
- Severity: Moderate
- Issue: A specially crafted MP4 file may cause a denial of service (CVE-2024-7347).
- More Info: [nginx Security Details](https://errata.almalinux.org/9/ALSA-2025-3262.html)
2. Kernel Security Update (Important)
- Release Date: July 24, 2025
- Severity: Important
- Issue: Exfat: fix random stack corruption after get_block (CVE-2025-22036).
- More Info: [Kernel Security Details](https://errata.almalinux.org/10/ALSA-2025-10854.html)
3. Git Security Update (Important)
- Release Date: July 24, 2025
- Severity: Important
- Issues:
- Git does not sanitize URLs when asking for credentials (CVE-2024-50349).
- Newline confusion in credential helpers can lead to credential exfiltration (CVE-2024-52006).
- Potential arbitrary code execution and file write issues (CVE-2025-48384, CVE-2025-48385).
- Flaws in Gitk that could lead to file creation and script execution vulnerabilities (CVE-2025-27613, CVE-2025-27614).
- More Info: [Git Security Details](https://errata.almalinux.org/10/ALSA-2025-11533.html)
4. Sudo Security Update (Important)
- Release Date: July 24, 2025
- Severity: Important
- Issues: Local privilege escalation (LPE) vulnerabilities via host and chroot options (CVE-2025-32462, CVE-2025-32463).
- More Info: [Sudo Security Details](https://errata.almalinux.org/10/ALSA-2025-11537.html)
Conclusion
These updates highlight AlmaLinux's commitment to maintaining a secure environment by promptly addressing vulnerabilities across essential software packages. Users are encouraged to apply these updates to enhance their system's security posture. For additional queries or to manage notification preferences, users can visit the AlmaLinux community chat or mailing list management page.For developers and system administrators using AlmaLinux, it's crucial to stay informed about such updates to ensure the safety and reliability of their systems. The AlmaLinux community continues to provide support, making it easier for users to manage their systems effectively
Nginx, Kernel, Git, Sudo updates for AlmaLinux
AlmaLinux has received several security updates, including nginx:1.24, kernel security update, git security update, and sudo security update.
ALSA-2025:3262: nginx:1.24 security update (Moderate)
ALSA-2025:10854: kernel security update (Important)
ALSA-2025:11533: git security update (Important)
ALSA-2025:11537: sudo security update (Important)Nginx, Kernel, Git, Sudo updates for AlmaLinux @ Linux Compatible
